Radiology Associates of Richmond Data Breach Exposes PHI, PII, and Financial Data of 266,000 Individuals – Cybersecurity Incident Analysis

Staff Editor 2026-05-26
Radiology Associates of Richmond Data Breach Exposes PHI, PII, and Financial Data of 266,000 Individuals – Cybersecurity Incident Analysis

Radiology Associates of Richmond Data Breach Exposes PHI, PII, and Financial Data of 266,000 Individuals – Cybersecurity Incident Analysis

https://www.rescana.com/post/radiology-associates-of-richmond-data-breach-exposes-phi-pii-and-financial-data-of-266-000-individuals-cybersecurity-inc

Publish Date: 2026-05-26 03:04:00

Source Domain: www.rescana.com

Executive Summary

Radiology Associates of Richmond (RAR) experienced a significant data breach affecting approximately 266,000 individuals. The breach resulted in unauthorized access to sensitive information, including protected health information (PHI), personally identifiable information (PII), and financial data. The incident was discovered on or about July 25, 2025, with forensic investigations confirming that files containing PHI were acquired without authorization. Notification letters to affected individuals began on May 21, 2026. There is a timeline discrepancy between RAR’s official notice and regulatory filings regarding the initial breach window, but all sources confirm the scale and sensitivity of the data compromised. As of the latest disclosures, there is no evidence of misuse of the compromised data, nor has any specific threat actor or malware been publicly identified. The breach has significant implications for healthcare sector data security, regulatory compliance, and patient trust. All information in this summary is based on official disclosures and regulatory filings as referenced below.

Technical Information

The breach at Radiology Associates of Richmond involved unauthorized access to the organization’s network environment, resulting in the acquisition of files containing PHI and other sensitive data. The incident was discovered on or about July 25, 2025, according to RAR’s official notice (https://rarichmond.com/notice-of-data-security-incident/). However, regulatory filings indicate the breach may have occurred between April 2, 2024, and April 6, 2024, with discovery on May 2, 2025 (https://www.claimdepot.com/data-breach/radiology-associates-of-richmond). This discrepancy in the timeline is noted, but all sources agree on the notification date to affected individuals as May 21, 2026.

The types of data compromised include names, Social Security numbers, dates of birth, addresses, government-issued identification numbers, medical…

Source

More Stories

UNC’s risk assessment misses cybersecurity, Roberts says

UNC’s risk assessment misses cybersecurity, Roberts says

Staff Editor 2026-05-26
Ucom, Microsoft Innovation Centre collaborate on cybersecurity education

Ucom, Microsoft Innovation Centre collaborate on cybersecurity education

Staff Editor 2026-05-26
ECB presses banks over AI-driven cybersecurity risks

ECB presses banks over AI-driven cybersecurity risks

Staff Editor 2026-05-26

Terms and Conditions - Privacy Policy